WordPress CMS is now open to several vulnerabilities that allow an attacker to conduct SQL injection and run malicious JavaScript on a visitor's machine through a cross-site scripting bug. The bug exists during the installation process, so in order to take control of the remote web server there are conditions required, which an incomplete [...]
Posts Tagged ‘Zero-day’
Apache reverse proxy bug allows compromising internal system
November 25th, 2011
Mourad Ben Lakhoua
The Apache team is working on fixing a new vulnerability that allows an attacker on the internet to gain internal access to the system. This zero-day was reported by Prutha Parikh from Qualys. A published blog post gives 2 examples of how to exploit this vulnerability with a fully patched Apache Web Server [...]
Remote DoS Vulnerability in Apache
August 25th, 2011
Mourad Ben Lakhoua
Apache Killer is a new exploit that uses a serious Apache vulnerability discovered over 54 months ago; the bug allows a hacker to conduct a denial-of-service attack and take any web server down. Under certain conditions Apache is internally inefficient at handling such requests, which 'explode' into many 100's of internal requests for large byte [...]
Hackers Exploit Latest Microsoft MHTML Bug
March 14th, 2011
Mourad Ben Lakhoua
Microsoft is investigating new public reports of a vulnerability in all supported editions of Microsoft Windows. The vulnerability could allow an attacker to cause a victim to run malicious scripts when visiting various websites, resulting in information disclosure. This impact is similar to server-side cross-site scripting (XSS) vulnerabilities. MHTML, or MIME HTML, is a standard [...]
Methods to Avoid Zero day attack
September 2nd, 2009
Mourad Ben Lakhoua
Updating software packages, configuring the firewall properly and implementing an antivirus solution can help to guarantee good security for a home user. But when it comes to a corporate information system that provides services to a public network and has outside access, security should be considered more seriously. Different vulnerabilities and interconnected systems create a new type [...]
BIND 9 vulnerable to DoS
July 30th, 2009
Mourad Ben Lakhoua
Internet Systems Consortium and US-CERT warned of a new vulnerability in DNS server code, Berkeley Internet Name Domain 9 (BIND9); this vulnerability can lead to system failure in the popular DNS server BIND9. Richard Hyatt from Bluecat Networks Inc. alerted of the new zero-day vulnerability and encourages all customers to patch their servers as soon [...]






